Bugtraq mailing list archives
Re: [BUGTRAQ] php breaks safe mode
From: "Sander Steffann" <steffann () nederland net>
Date: Fri, 6 Jul 2001 10:25:13 +0200
Hi,
Usually the Webserver is able to read the sources of the PHP scripts. PHP scripts may include passwords for database access. Since PHP is usually mod_php and not suexec'd, this seems to be a common problem. With account to such databases really important damage could be done!
It's possible to protect yourself against this. PHP has an so-called open_basedir restriction, with which you can specify the directories that a script is allowed to access. You can set a different restriction for every VirtualHost. Sander.
Current thread:
- Re: php breaks safe mode, (continued)
- Re: php breaks safe mode Laurent Papier (Jul 02)
- Re: php breaks safe mode Joost Pol (Jul 02)
- Re: php breaks safe mode Laurent Papier (Jul 03)
- Re: php breaks safe mode Patrick Oonk (Jul 03)
- Re: php breaks safe mode Joost Pol (Jul 02)
- Re: [BUGTRAQ] php breaks safe mode Joe Harris (Jul 03)
- Re: [BUGTRAQ] php breaks safe mode Joost Pol (Jul 03)
- Re: [BUGTRAQ] php breaks safe mode Raptor (Jul 05)
- Re: [BUGTRAQ] php breaks safe mode H D Moore (Jul 05)
- Re: [BUGTRAQ] php breaks safe mode Steffen Dettmer (Jul 06)
- Re: [BUGTRAQ] php breaks safe mode Joost Pol (Jul 03)
- Re: [BUGTRAQ] php breaks safe mode Steffen Dettmer (Jul 05)
- Re: [BUGTRAQ] php breaks safe mode Sander Steffann (Jul 06)
- Re: php breaks safe mode Laurent Papier (Jul 02)